
Beware: Hackers Deliver Byakugan Malware via Weaponized PDF on Windows


TLDR:

  • Weaponized PDF files are being used by hackers to deliver Byakugan malware on Windows.
  • Fortinet researchers discovered a Portuguese PDF file spreading the malware in January 2024.

Cybersecurity researchers at Fortinet have identified a campaign in which attackers use weaponized PDF files to deliver the Byakugan malware. The lure is a Portuguese-language PDF that shows a blurred table and prompts the user to click a link to view it clearly. Clicking the link runs a downloader, which drops a copy of itself and downloads a DLL used for DLL hijacking. The downloader then retrieves the main module, named chrome.exe, which behaves differently depending on the name it runs under in the temp folder, an evasion measure aimed at analysts and sandboxes.

Byakugan's features include screen monitoring, screen capture, keylogging, file manipulation, browser information theft, and anti-analysis techniques. The malware illustrates a growing trend of bundling multiple malicious components in one package, which adds noise to analysis and makes accurate identification harder. Notable Indicators of Compromise (IoCs) include Git repositories and C2 servers such as blamefade.com and thinkforce.com. The sample can be analyzed in the ANY.RUN sandbox to observe its behavior and its impact on the system.
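The delivery chain in the two paragraphs above (a PDF whose link action fetches the downloader, a main module named chrome.exe living in the temp folder, and the named C2 domains) suggests two cheap triage checks. The script below is an added example and is not code from the page or from Fortinet: it pulls /URI link targets out of raw PDF bytes and matches their hosts against the C2 domains the article names, then flags any chrome.exe that is not running from Chrome's usual install directory. The sample PDF bytes, the process list, and the trusted install paths are constructed here for illustration.

```python
"""Triage helpers for the Byakugan PDF delivery chain (added example)."""
from __future__ import annotations

import re
from pathlib import PureWindowsPath
from urllib.parse import urlsplit

# C2 domains named in the article.
KNOWN_C2_DOMAINS = {"blamefade.com", "thinkforce.com"}

# Assumed default Chrome install locations on Windows; a chrome.exe anywhere
# else (e.g. %TEMP%) is treated as suspicious.
TRUSTED_CHROME_DIRS = (
    PureWindowsPath(r"C:\Program Files\Google\Chrome\Application"),
    PureWindowsPath(r"C:\Program Files (x86)\Google\Chrome\Application"),
)

# Matches the plain-string form "/URI (target)" of a PDF link action.
# Hex-string and escaped forms are not handled by this simple pattern.
_URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")

# Constructed minimal PDF with two link annotations: one pointing at a
# named C2 domain, one benign.
SAMPLE_PDF = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"4 0 obj << /Type /Annot /Subtype /Link /Rect [72 72 300 100] "
    b"/A << /S /URI /URI (https://thinkforce.com/download) >> >> endobj\n"
    b"5 0 obj << /Type /Annot /Subtype /Link /Rect [72 120 300 150] "
    b"/A << /S /URI /URI (https://example.org/report) >> >> endobj\n"
    b"%%EOF\n"
)

# Constructed process snapshot: a real Chrome, a chrome.exe in %TEMP%, and
# an unrelated system process.
SAMPLE_PROCESSES = [
    {"pid": 4120, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"pid": 5588, "image": r"C:\Users\ana\AppData\Local\Temp\chrome.exe"},
    {"pid": 6012, "image": r"C:\Windows\System32\svchost.exe"},
]


def extract_pdf_uris(pdf_bytes: bytes) -> list[str]:
    """Return every /URI action target found in the raw PDF bytes, in order."""
    return [m.group(1).decode("latin-1") for m in _URI_RE.finditer(pdf_bytes)]


def flag_suspicious_uris(uris: list[str]) -> list[str]:
    """Return the URIs whose host is a known C2 domain or a subdomain of one."""
    hits = []
    for uri in uris:
        host = (urlsplit(uri).hostname or "").lower()
        if any(host == d or host.endswith("." + d) for d in KNOWN_C2_DOMAINS):
            hits.append(uri)
    return hits


def is_chrome_outside_install_dir(image_path: str) -> bool:
    """True if the image is named chrome.exe but sits outside the trusted dirs.

    PureWindowsPath compares case-insensitively, so 'CHROME.EXE' and mixed-case
    directory names are handled.
    """
    path = PureWindowsPath(image_path)
    if path.name.lower() != "chrome.exe":
        return False
    return not any(path.parent == trusted for trusted in TRUSTED_CHROME_DIRS)


def triage(pdf_bytes: bytes, processes: list[dict]) -> dict:
    """Run both checks and return the findings as a dict."""
    uris = extract_pdf_uris(pdf_bytes)
    return {
        "uris": uris,
        "c2_uris": flag_suspicious_uris(uris),
        "suspicious_chrome_pids": [
            p["pid"] for p in processes if is_chrome_outside_install_dir(p["image"])
        ],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_PDF, SAMPLE_PROCESSES).items():
        print(f"{key}: {value}")
```

The URI regex deliberately covers only the literal-string form of a link action; a real triage tool should parse the PDF object tree (including compressed object streams) rather than grep the bytes, because a lure can hide the target behind a hex string or an indirect object. The process check is intentionally strict: a chrome.exe anywhere outside the install directory is flagged, which will also catch portable or user-installed copies, so treat it as a lead, not a verdict.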

Overall, the use of weaponized PDFs to deliver Byakugan shows how attackers keep adapting their delivery tactics and why layered defenses are needed: treat unsolicited PDFs with embedded links as untrusted, and flag a chrome.exe that runs from a temp folder rather than from the browser's install directory.
